To:
dnsop@cafax.se
From:
Pekka Savola <pekkas@netcore.fi>
Date:
Sun, 16 Mar 2003 14:05:56 +0200 (EET)
Sender:
owner-dnsop@cafax.se
Subject:
comments on -ietf-dnsop-ipv6-dns-issues-02
Hi,
A few comments on dnsop-ipv6-dns-issues.
non-editorial
-------------
Abstract
This memo summarizes DNS related issues when transitioning a network
to IPv6. Consensus and open issues are presented.
==> note: it is very, very dangerous to say "Consensus and open issues" when
they aren't clearly separated in the text. There certainly is consensus for
some issues, but certainly not all..
This rules out IPv6-only recursive DNS servers and DNS zones served
only by IPv6-only DNS servers. This approach could be revisited
if/when translation techniques between IPv4 and IPv6 were to be
widely deployed.
==> recursive v6-only servers could also recurse from dualstack recursive
servers, right? As long as the recursive DNS server chain leads to a
non-recursive dual-stack server, the first point is moot. (Performance,
reliability, etc. are another issues entirely :-).
As the number of possible PTR records would be huge (2^80) for a /48
prefix, a possible solution would be to use wildcards entries like:
*.0.1.2.3.4.5.6.7.8.9.a.b.c.ip6.arpa. IN PTR customer-42.local-
ISP.net
==> note: that reverse entry corresponds to a /52, not /48.
9. Security considerations
Using wildcard DNS records in the reverse path tree may have some
implication when used in conjunction with DNSsec. Security
considerations for referenced documents are described in those memos
and are not replicated here.
==> one might note that in the case of reverse DNS lookup where a wildcard
would be returned (the lazy/pragmatic ISP scenario), the result would be
worthless anyway (ie. not useful as a security mechanism). So this may be
a protocol concern, but not really an operational one as far as I can see.
mostly editorial
----------------
Status of this memo
This memo provides information to the Internet community. It does not
specify an Internet standard of any kind. This memo is in full
conformance with all provisions of Section 10 of RFC2026
==> nontypical boilerplate ordering.
expected to have several addresses with different scopes. [ADDRSELEC]
recommends to use the lowest possible scope possible for
==> s/possible for/for/ (seems mostly redundant)
3.3 Reverse path DNS for site local addresses.
==> the section titles should be mostly uppercase, no periods necessary
may require cooperation from the upstream IPSs. The problem here is
==> s/IPS/ISP/
that, especially in the case of home usage of 6to4, the entity being
delegated the x.y.z.t.2.0.0.2.ip6.arpa. zone (the ISP) may not be the
==> better use x.x.y.y.z.z.t.t.2.0.0.2.ip6.arpa ?
10. Author addresses
==> s/Author/Authors'/
11. References
==> split refs, put the authors (surname, initial) first
[RFC1918] Address Allocation for Private Internets. Y. Rekhter, B.
Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. February
1996.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
#----------------------------------------------------------------------
# To unsubscribe, send a message to <dnsop-request@cafax.se>.